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SEMICONDUCTOR INTEGRATED CIRCUIT DEVICE, 




PROGRAM DELIVERY METHOD, AND PROGRAM DELIVERY SYSTEM 



The present application is a Divisional of U.S. Application No, 



-RELATED APPLICATIONS 



10/611,879, filed on July 3, 2003, which claims priority of Japanese Patent Application No. 
2002-318172 filed on October 31, 2002, the contents of which are hereby incorporated by 
reference. — 



The present invention relates to a semiconductor LSI having the function of 
decrypting an encrypted program and executing the decrypted program which is mounted 
on information equipment or the like. More particularly, it relates to a processing system 
and method for encrypting a program and delivering the encrypted program from a device 

1 5 at-a associated with a program owner to a device a^a associated with a program user. 

With the widespread use of information equipment capable of rewriting a program 
or executing a user program, a system for preventing illegal copying of software has been 
devised in recent years. In a method in which a program is encrypted and delivered, 
provision has been made to prevent the copying of a program for decrypting the encrypted 

20 program (hereinafter referred to as the "decryption program". For example, a decryption 
program is disposed in the internal memory of an LSI from which it cannot be read from 
the outside and the decrypted program is further protected from being read from the 
outside (see, e.g., Japanese Laid-Open Patent Publication No. HEI 8-30558). 
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BACKGROUND OF THE INVENTION 



FIG. 18 is a block diagram showing a conventional semiconductor integrated 



25 



circuit device for executing an encrypted program. 
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The semiconductor integrated circuit device 1 shown in FIG. 18 has: a CPU 3; 
internal mimories 4 and 5 for inputting/outputting data via an internal bus 7; a bus port 6 
for controlling the inputting/outputting of data to and from the outside via an external bus 
2; an I/O port 9 connected to the CPU 3 via an I/O bus 8; a memory port 10 for controlling 
5 the internal RAM 5; and control registers 11 for controlling the memory port 10. 

A decryption program for decrypting the encrypted program is stored in the 
internal ROM 4. The encrypted program is read in the internal RAM 5 and decrypted in 
accordance with the decryption program. The decrypted program is written in the internal 
RAM 5. The decrypted program written in the internal RAM 5 is protected from being read 
10 from the memory port 10 to the outside under the control of the control registers 11. 

However, since the decryption program is kept in the LSI as described above, an 
internal nonvolatile memory should be provided in the LSI, which increases cost required 
for the LSI. 

In addition, if a malicious program is encrypted, read in the LSI, and then 
15 executed, the decryption program may be transferred by the program to the outside and 
hacked. The use of the decryption program that has been hacked makes it possible to hack 
the encrypted program. Once the encrypted program is hacked, the LSI cannot be used any 
more since the decryption program cannot be changed. 

A problem has also been encountered that an encryption program and an 
20 encryption strength cannot be selected by the encrypted program transferor. 

SUMMARY OF THE INVENTION 
It is therefore an object of the present invention to provide a lower-cost 
semiconductor integrated circuit device which allows a reduction in the probability that an 
encrypted program is hacked. 
25 To solve the foregoing problems, a first semiconductor integrated circuit device 

2 
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according to the present invention comprises: a first memory for inputting and outputting 
data between a bus and itself; a second memory for inputting and outputting data between 
the bus and itself; a secret key holder for holding a secret key; a bus port for controlling 
access from outside to the bus; a CPU for storing an encrypted program and a decryption 
5 program in the first memory via the bus port, decrypting the encrypted program by using 
the decryption program and the secret key, and executing the decrypted program; and a 
controller for causing, when the encrypted program and the decryption program are stored 
in the first memory, the bus port to disable access from the outside, enabling access to the 
first and second memories, and thereby transferring the encrypted program and the 

10 decryption program from the first memory to the second memory, disabling access to the 
first memory when the transfer is completed, and disabling access to the second memory 
when the decryption and the execution of the decrypted program are completed. 

With the first semiconductor integrated circuit device according to the present 
invention, it is no more necessary to provide the semiconductor integrated circuit device 

15 with an internal nonvolatile memory for keeping the decryption program so that a cost 
reduction is achieved. Moreover, the encrypted program can be decrypted and executed, 
while the program and data under decryption are not monitored from the outside. This 
reduces the probability that the encrypted program is hacked. 

Preferably, the first semiconductor integrated circuit device according to the 

20 present invention further comprises: a secret key access port for controlling access from the 
CPU to the secret key holder, wherein the secret key access port enables access to the 
secret key holder when the transfer is completed and disables access to the secrete key 
holder when the execution of the decrypted program is completed. 

In the first semiconductor integrated circuit device according to the present 

25 invention, the CPU preferably includes a register and erases data stored in the register if 
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the execution of the decrypted program is completed. 

In the first semiconductor integrated circuit device according to the present 
invention, the controller preferably controls access to the first and second memories by 
controlling chip select signals to the first and second memories. 
5 In the first semiconductor integrated circuit device according to the present 

invention, the controller preferably includes a flag storing portion for storing first and 
second flags, enables access to the first and second memories when the first flag is set, 
disables access to the first memory when the first flag is reset and the second flag is set, 
and disables access to the second memory when each of the first and second flags is reset, 

10 the bus port preferably disables access from the outside when at least one of the first and 
second flags is set, and the CPU preferably sets the first and second flags when the 
encrypted program and the decryption program are inputted to the first memory, resets the 
first flag when the transfer is completed, and resets the second flag when the execution of 
the decrypted program is completed. 

15 To solve the foregoing problems, a second semiconductor integrated circuit device 

according to the present invention comprises: a first memory for inputting and outputting 
data between a bus and itself; a second memory for inputting and outputting data between 
the bus and itself; a first memory port connected between the bus and the first memory to 
control access from the bus to the first memory; a second memory port connected between 

20 the bus and the second memory to control access from the bus to the second memory; a 
secret key holder for holding a secret key; a bus port for controlling access from outside to 
the bus; a CPU having a register, the CPU writing an encrypted program and a decryption 
program in the first memory via the bus port, decrypting the encrypted program by using 
the decryption program and the secret key, writing the decrypted program in the second 

25 memory, and executing the decrypted program; and a controller for causing, when the 
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writing to the first memory is completed, the bus port to disable access from the outside to 
the bus, causing the first memory port to disable the writing to the first memory, and 
causing the second memory port to enable access to the second memory and causing, when 
the execution of the decrypted program is completed, the CPU to erase data stored in the 
5 register and disable access to the secrete key holder, while causing the second memory port 
to disable access to the second memory. 

With the second semiconductor integrated circuit device according to the present 
invention, it is no more necessary to provide the semiconductor integrated circuit device 
with an internal nonvolatile memory for keeping the decryption program so that a cost 

10 reduction is achieved. Moreover, the encrypted program can be decrypted and executed, 
while the program and data under decryption are not monitored from the outside. This 
reduces the probability that the encrypted program is hacked. 

To solve the foregoing problems, a third semiconductor integrated circuit device 
according to the present invention comprises: a first memory for inputting and outputting 

1 5 data between a bus and itself; a second memory for inputting and outputting data between 
the bus and itself; a memory port connected between the bus and the first memory to 
control access from the bus to the first memory; a secret key holder for holding a secret 
key; a bus port for controlling access from outside to the bus; a CPU having a register, the 
CPU writing an encrypted program and a decryption program in the first memory via the 

20 bus port, decrypting the encrypted program by using the decryption program and the secret 
key, writing the decrypted program in the second memory, and executing the decrypted 
program; and a controller including a memory initializer for erasing data in the second 
memory, the controller causing, when the wiring to the first memory is completed, the bus 
port to disable access from the outside to the bus and causing the memory port to disable 

25 the writing to the first memory and causing, when the execution of the decrypted program 
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is completed, the CPU to erase data stored in the register and disable access to the secret 
key holder and causing the memory initializer to erase the data in the second memory. 

With the third semiconductor integrated circuit device according to the present 
invention, it is no more necessary to provide the semiconductor integrated circuit device 
5 with an internal nonvolatile memory for keeping the decryption program so that a cost 
reduction is achieved. Moreover, the encrypted program can be decrypted and executed, 
while the program and data under decryption are not monitored from the outside. This 
reduces the probability that the encrypted program is hacked. 

To solve the foregoing problems, a fourth semiconductor integrated circuit device 

10 according to the present invention comprises: a first memory for inputting and outputting 
data between a bus and itself; a second memory for inputting and outputting data between 
the bus and itself; a secret key holder for holding a secret key; a decryption key holder for 
holding a decryption key; a bus port for controlling access from outside to the bus; a CPU 
including a register, the CPU performing first storage for storing the encrypted decryption 

15 key and a decryption key decryption program in the first memory via the bus port, 
performing first decryption for decrypting the encrypted decryption key by using the 
decryption key decryption program and the secret key, writing the decrypted decryption 
key in the decryption key holder, performing second storage for storing an encrypted 
program and a decryption program in the first memory, performing decryption for 

20 decrypting the encrypted program by using the decryption program and the decrypted 
decryption key, and executing the decrypted program; and a controller for causing, when 
the first storage to the first memory is completed, the bus port to disable access from the 
outside to the bus and enabling access to the first and second memories such that the 
encrypted decryption key and the decryption key decryption program are transferred from 

25 the first memory to the second memory, enabling, when the transfer is completed, access to 
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the secret key holder and disabling access to the first memory; causing, when the first 
decryption is completed, the CPU to erase data stored in register and disable access to the 
secret key holder, while disabling access to the second memory, enabling access to the first 
memory, and causing the bus port to enable access from the outside to the bus, causing, 
5 when the second storage to the first memory is completed, the bus port to disable access 
from the outside to the bus and enabling access to the second memory such that the 
encrypted program and the decryption program are transferred from the first memory to the 
second memory, enabling, when the transfer is completed, access to the decryption key 
holder and disabling access to the first memory, and causing, when the second decryption 
10 and the execution of the decrypted program are completed, the CPU to erase data stored in 
the register and disable access to the secret key holder and disabling access to the second 
memory. 

With the fourth semiconductor integrated circuit device according to the present 
invention, it is no more necessary to provide the semiconductor integrated circuit device 

15 with an internal nonvolatile memory for keeping the decryption program so that a cost 
reduction is achieved. Moreover, the encrypted program can be decrypted and executed, 
while the program and data under decryption are not monitored from the outside. This 
reduces the probability that the encrypted program is hacked. In addition, the encryption 
program and the encryption strength can be selected at the encrypted program transferor. 

20 To solve the foregoing problems, a first program delivery method according to the 

present invention is a program delivery method for delivering a program between a first 
device and a second device, the method comprising the steps of: transferring a public key 
from the second device to the first device; transferring a decryption program to the second 
device from the outside thereof; encrypting the program by using the public key in the first 

25 device and transferring the encrypted program to the second device; and decrypting the 
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encrypted program by using a secret key corresponding to the public key and the 
decryption program in the second device. 

In accordance with the first program delivery method of the present invention, it is 
no more necessary to provide the semiconductor integrated circuit device with an internal 
5 nonvolatile memory for keeping the decryption program so that a cost reduction is 
achieved. Moreover, the encrypted program can be decrypted and executed, while the 
program and data under decryption are not monitored from the outside. This reduces the 
probability that the encrypted program is hacked. 

To solve the foregoing problems, a second program delivery method according to 

10 the present invention is a program delivery method for delivering a program between a first 
device and a second device, the method comprising the steps of: transferring a public key 
from the second device to the first device; encrypting a decryption key by using the public 
key in the first device and transferring the encrypted decryption key to the second device; 
decrypting the encrypted decryption key by using a secret key corresponding to the public 

1 5 key in the second device; encrypting the program by using an encryption key 
corresponding to the decryption key in the first device and transferring the encrypted 
program to the second device; and decrypting the encrypted program by using the 
decrypted decryption key in the second device. 

In accordance with the second program delivery method of the present invention, 

20 it is no more necessary to provide the semiconductor integrated circuit device with an 
internal nonvolatile memory for keeping the decryption program so that a cost reduction is 
achieved. Moreover, the encrypted program can be decrypted and executed, while the 
program and data under decryption are not monitored from the outside. This reduces the 
probability that the encrypted program is hacked. In addition, the encryption program and 

25 the encryption strength can be selected at the encrypted program transferor. 
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To solve the foregoing problems, a first program delivery system according to the 
present invention is a program delivery system for delivering a program, the system 
comprising: a first device and a second device, the first device encrypting the program by 
using a public key and transferring the encrypted program to the second device and the 
5 second device decrypting the program encrypted by the first device by using a secret key 
corresponding to the public key and a decryption program transferred from the outside of 
the second device. 

In accordance with the first program delivery system of the present invention, it is 
no more necessary to provide the semiconductor integrated circuit device with an internal 

10 nonvolatile memory for keeping the decryption program so that a cost reduction is 
achieved. Moreover, the encrypted program can be decrypted and executed, while the 
program and data under decryption are not monitored from the outside. This reduces the 
probability that the encrypted program is hacked. 

To solve the foregoing problems, a second program delivery system according to 

15 the present invention is a program delivery system for delivering a program, the system 
comprising: a first device and a second device, the first device encrypting a decryption key 
by using a public key, transferring the encrypted decryption key to the second device, 
encrypting the program by using an encryption key corresponding to the decryption key, 
and transferring the encrypted program to the second device, the second device decrypting 

20 the decryption key encrypted by the first device by using a secret key corresponding to the 
public key and decrypting the program encrypted by the first device by using the decrypted 
decryption key. 

In accordance with the second program delivery system of the present invention, it 
is no more necessary to provide the semiconductor integrated circuit device with an 
25 internal nonvolatile memory for keeping the decryption program so that a cost reduction is 
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achieved. Moreover, the encrypted program can be decrypted and executed, while the 
program and data under decryption are not monitored from the outside. This reduces the 
probability that the encrypted program is hacked. In addition, the encryption program and 
the encryption strength can be selected at the encrypted program transferor. 
5 BRIEF DESCRIPTION OF THE DRAWINGS 

FIG.1 is a block diagram for illustrating a structure of a semiconductor integrated 
circuit device in a first embodiment of the present invention; 

FIG. 2 is a flow chart showing the procedure of decrypting an encrypted program; 

FIG 3 is a block diagram for illustrating a structure of a semiconductor integrated 
10 circuit device in a second embodiment of the present invention; 

FIG 4 is a flow chart showing the procedure of decrypting an encrypted program; 

FIG 5 is a block diagram for illustrating a structure of a semiconductor integrated 
circuit device in a third embodiment of the present invention; 

FIG 6 is a flow chart showing the procedure of decrypting an encrypted program; 
15 FIG 7 is a block diagram for illustrating a structure of a semiconductor integrated 

circuit device in a fourth embodiment of the present invention; 

FIG 8 is a flow chart showing the procedure of decrypting an encrypted 
decryption key; 

FIG 9 is a view showing correlations among the respective states of flags, a bus 
20 port, and chip select signals; 

FIG 10 is a flow chart showing the procedure of decrypting an encrypted 
program; 

FIG 11 is a view showing the transfer of a public key from a program user to a 
program developer; 
25 FIG 12 is a view showing the encryption of a decryption key; 

10 
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FIG 13 is a view showing the transfer of an encrypted decryption key from the 
program developer to the program user; 

FIG 14 is a view showing the decryption of an encrypted decryption key; 

FIG 15 is a view showing the encryption of a program; 
5 FIG 16 is a view showing the transfer of an encrypted program from the program 

developer to the program user; 

FIG 17 is a view showing the decryption of an encrypted program; and 

FIG 18 is a block diagram showing a structure of a conventional semiconductor 
integrated circuit device. 
1 0 DETAILED DESCRIPTION OF THE INVENTION 

Referring to the drawings, the individual embodiments of the present invention 
will be described herein below. 
EMBODIMENT 1 

FIG 1 is a block diagram for illustrating a structure of a semiconductor integrated 
15 circuit device 101 in a first embodiment of the present invention. 

As shown in FIG 1, an encrypted program is transferred from a PC 128a 
(corresponding to a first device) which is a device at a program developer to a program 
user via a PC 126. In the semiconductor integrated circuit device 101 (corresponding to a 
second device) within information equipment 140 at the user, the encrypted program is 
20 decrypted by using a secret key and a decryption program. 

The PC 128a is a device at the program developer and keeps a program D128a 
and an encryption program 128b for encrypting a program. 

The information equipment 140 is equipment at the program user and has: the 
semiconductor integrated circuit device 101; a flash memory 123a for keeping a decryption 
25 program D123a; a USB upstream port 124; and peripheral equipment 150. An outer bus 
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102 provides connection among the semiconductor integrated circuit 101, the flash 
memory 123a, and the USB upstream port 124. 

The semiconductor integrated circuit device has: a CPU 103a; internal RAMs 104 
(corresponding to a first memory) and 105 (corresponding to a second memory); a public 
5 key storing register 106; a bus port 110a; a security controller 111a; and an I/O port 122. 
The internal bus 109 is connected in the manner as shown in the drawing. 

The CPU 103a has a general-purpose register controller 119a and general-purpose 
registers 120a. 

The security controller 111a has a flag storing portion 113a for storing a program 
10 decryption execute flag 112F (corresponding to a second flag) and a RAM copy flag 113F 
(corresponding to a first flag) , a chip select dispatcher 114a, and a DMA controller 118a. 

A specific description will be given to the respective contents and operations of 
the individual elements. 

The external bus 102 is used to transfer a public key stored in the public key 
15 storing register 106 to the personal computer 128a and transfer a program encrypted by 
using the public key and the encryption program D128b to the semiconductor integrated 
circuit device 101. 

The CPU 103a operates in accordance with a program stored in the internal 
RAMs 104 and 105 or in the flash memory 123a. The CPU 103a not only operates a 
20 normal program but also decrypts an encrypted program and executes the decrypted 
program. The CPU 103a also transfers the encrypted program inputted from the outside 
and the decryption program D123a to the internal RAM 104. 

The internal RAM 104 is a memory used during a normal operation, i.e., when 
either of the decryption program D123a and the decrypted program is not executed. A 
25 description will be given to the case where a program encrypted by using the public key 
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and the encryption program D128b is decrypted and executed. First, the encrypted program 
and the decryption program D123a in the flash memory 123a are transferred by the CPU 
103a to the internal RAM 104 in the state in which the external bus 102 and the internal 
bus 109 are connected to each other by the bus port 110a. Then, after the bus port 110a 
5 disconnects the external bus 102 and the internal bus 109 from each other, the encrypted 
program and the decryption program D123a are transferred by the DMA controller 118a 
from the internal RAM 104 to the internal RAM 105. Thereafter, the security controller 
111a disables access from the internal bus 109 to the internal RAM 104 until the execution 
of the decrypted program is completed. 

10 The internal RAM 105 is used during the execution of the decryption program 

D123a and during the execution of the decrypted program. A description will be given to 
the case where the encrypted program is decrypted and executed. After the bus port 110a 
disconnects the external bus 102 and the internal bus 109 from each other, the encrypted 
program and the decryption program D123a are transferred by the DMA controller 118a 

15 from the internal RAM 104 to the internal RAM 105. In the state in which the external bus 
102 and the internal bus 109 are connected to each other by the bus port 110a, the security 
controller 111a disables access from the internal bus 109 to the internal RAM 105. 
Accordingly, the decrypted program temporarily stored in the internal RAM 105 and data 
during the execution of a decryption process are not monitored from the outside. 

20 The public key storing register 106 is a register storing therein a public key, which 

is used only for reading. The public key is transferred to the personal computer 128a 
disposed outside the semiconductor integrated circuit device 101 and used when the 
program D128a is encrypted in accordance with the encryption program D128b. 

The secret key storing register 107 is a register storing therein a secret key, which 

25 is used only for reading. The secret key is used when the encrypted program is decrypted in 

13 



Substitute Specification 
(Marked-Up Copy) 

accordance with the decryption program D123a. 

The secret key access port 108a enables the CPU 103a to read the secrete key 
from the secret key storing register 107 only while the RAM copy flag 113F is reset. 
Specifically, the secret key access port 108a enables the CPU 103a to read the secret key 
5 from the secret key storing register 107 only while the program is decrypted, the decrypted 
program is executed after the decryption program D123a is initiated, the transfer of the 
encrypted program and the decryption program D123a from the internal RAM 104 to the 
internal RAM 105 is completed, and the RAM copy flag 113F is reset. At any time other 
than the above, the secret key access port 108a disables the reading of the secret key. 

10 The internal bus 109 is used to transfer a program and data within the 

semiconductor integrated circuit device 101. 

The bus port 110a disconnects the internal bus 109 and the external bus 102 from 
each other if at least one of the program decryption execute flag 112F and the RAM copy 
flag 113F is set. Accordingly, the internal bus 109 and the internal RAM 105 are not 

1 5 monitored from the outside during the transfer of the encrypted program and the decryption 
program D123a and during the execution of the decryption program D123a and the 
decrypted program. In any case other than the above, the internal bus 109 and the external 
bus 102 are connected to each other. 

The security controller 111a is internally provided with the flag storing portion 

20 113a for keeping the program decryption execute flag 112F and the RAM copy flag 113F, 
with the chip select dispatcher 114a, and with the DMA controller 118. The security 
controller 111a controls the bus port 110a, the secret key access port 108a, chip select 
signals 116S and 117S, and the general-purpose register controller 119a in decrypting the 
program encrypted by using the encryption program D128b and the public key stored in 

25 the public key storing register 106 and executing the decrypted program. 

14 
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A description will be given to the case where the program encrypted by the 
encryption program D128b is decrypted and executed. First, when the encrypted program 
and the decryption program D123a are transferred by the CPU 103a to the internal RAM 
104 in the state in which the external bus 102 and the internal bus 109 are connected to 
5 each other by the bus port 110a, the bus port 110a then disconnects the external bus 102 
and the internal bus 109 from each other. Then, the chip select dispatcher 114a asserts the 
chip select signals 116S and 117S such that the program encrypted by the DMA controller 
118a and the decryption program D123a are transferred from the internal RAM 104 to the 
internal RAM 105. When the transfer is completed, the chip select dispatcher 114a negates 

10 the chip select signal 116S and then shifts to the control of the CPU 103a. When the 
program is decrypted in the CPU 103a and the execution of the decrypted program is 
completed, a completion notice is given to the chip select dispatcher 114a. Upon receipt of 
the notice, the chip select dispatcher 114a generates the chip select signal 117S, causes the 
general-purpose register controller 119a to initialize the general-purpose registers 120a, 

15 and outputs the chip select signal 115S from the CPU 103a as the chip select signal 116S. 
Thereafter, the bus port 110a connects the internal bus 109 and the external bus 102 to each 
other. 

The program decryption execute flag 112F is set by the CPU 103a at the initiation 
of the decryption program D123a and reset by the CPU 103a at the completion of the 
20 execution of the decrypted program. The decryption program D123a is initiated, the 
transfer of the encrypted program and the decryption program D123a from the internal 
RAM 104 to the internal RAM 105 is completed, and the RAM copy flag 113F is reset. 
While the encrypted program is decrypted and the decrypted program is executed thereafter, 
access to the internal RAM 104 is disabled, while access to the internal RAM 105 and to 
25 the secret key storing register 107 is enabled. When the program decryption execute flag 

15 
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112F is reset, access to the internal RAM 105 and to the secret key storing register 107 is 
disabled. 

The RAM copy flag 113F is set by the CPU 103a at the initiation of the 
decryption program D123a and reset at the completion of data transfer from the internal 
5 RAM 104 to the internal RAM 105. Since the internal RAMs 104 and 105 are at the same 
location on a memory map, the respective chip select signals to the internal RAMs 104 and 
105 are not normally asserted simultaneously. However, each of the chip select signals 
116S and 117S from the chip select dispatcher 114a to the internal RAMs 104 and 105 is 
asserted by setting the RAM copy flag 113F when the encrypted program or the like is to 

10 be transferred from the internal RAM 104 to the internal RAM 105. 

The chip select dispatcher (hereinafter referred to as "CS dispatcher") 114a asserts 
each of the chip select signals 116S and 117S when the RAM copy flag 113F is set, thereby 
enabling the DMA controller 118a to transfer the encrypted program and the decryption 
program D123a from the internal RAM 104 to the internal RAM 105. When the program 

1 5 decryption execute flag 112F is set and the RAM copy flag 113F is reset, the CS dispatcher 
114a negates the chip select signal 116S and transfers the chip select signal 115S as the 
chip select signal 117S. This enables access to the internal RAM 105 during the decryption 
of the encrypted program and during the execution of the decrypted program. In any case 
other than those mentioned above, the CS dispatcher 114a transfers the chip select signal 

20 115S as the chip select signal 116S and negates the chip select signal 117S, thereby 
disabling access to the internal RAM 105 during a normal operation, i.e., when either of 
the decryption program D123a and the decrypted program is not executed. 

The chip select signal 115S is outputted from the CPU 103a and asserted when the 
internal RAM 104 or the internal RAM 105 is to be accessed. 

25 The chip select signals 116S and 117S are outputted from the CS dispatcher 114a. 



Substitute Specification 
(Marked- Up Copy) 

The chip select signal 116S is asserted when the internal RAM 104 is to be accessed. The 
chip select signal 117S is asserted when the internal RAM 105 is to be accessed. 

When the RAM copy flag 113F is set, the DMA controller 118a transfers the 
encrypted program and the decryption program D123a from the internal RAM 104 to the 
5 internal RAM 105. When the transfer is completed, the RAM copy flag 113 is reset. 

The general-purpose register controller 119a resets the general-purpose registers 
120a when the program decryption execute flag 112F is reset. During the decryption of the 
encrypted program, therefore, data generated in the general-purpose registers 120a during 
the execution of the decrypted program is not monitored from the outside. 
10 The I/O port 122 is connected to the CPU 103a via the I/O bus 121. The I/O port 

122 is also connected to an external circuit such as a sound module 151 or a video module 
152 in the peripheral equipment 150. 

The flash memory 123a keeps the decryption program D123a. 

The decryption program D123a is transferred to the internal RAM 105 via the 
15 internal RAM 104 within the semiconductor integrated circuit device 101 and used in 
conjunction with the secret key stored in the secret key storing register 107 when the 
encrypted program is decrypted. 

The USB upstream port 124 is connected to the personal computer 126 via a USB 
cable 125 and used to transfer the encrypted program to the semiconductor integrated 
20 circuit device 101. 

The USB cable 125 is used to transfer the encrypted program from the personal 
computer 126 to the USB upstream port 124. 

The personal computer 126 receives the encrypted program from the personal 
computer 128a and transfers the encrypted program to the information equipment 140 on 
25 which the semiconductor integrated circuit device 101 is mounted. 
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A network line 127 is used to transfer the encrypted program from the personal 
computer 128 to the personal computer 126. 

The personal computer 128 receives the public key stored in the public key storing 
register 106 from the personal computer 126 via the network line 127, encrypts the 
5 program D128a by using the encryption program D128b and the public key, and transfers 
the encrypted program to the personal computer 126 via the network line 127. 

The program 128a is encrypted by using the encryption program D128b and the 
public key stored in the public key storing register 106 and then transferred to the 
semiconductor integrated circuit device 101 via the network line 127, the personal 
10 computer 126, the USB cable 125, the USB upstream port 124, and the external bus 102. 
The encrypted program 128a is decrypted in the semiconductor integrated circuit device 
101 by using the decryption program D123a and the secret key stored in the secret key 
storing register 107. 

A reference numeral D128b denotes an encryption program for encrypting the 
15 program D128a by using the public key stored in the public key storing register 106. 

The information equipment 140 has: the semiconductor integrated circuit device 
101; the peripheral equipment 150; the flash memory 123a; and the USB upstream port 
124. 

The peripheral equipment 150 has: the sound module 151; and the video module 
20 152 and is connected to the I/O port 122 in the semiconductor integrated circuit device 101. 

The sound module 151 is connected to the I/O port 122 of the semiconductor 
integrated circuit device 101 to perform reproduction, recording, and the like of a sound 
through the transmission and reception of transferred data and the reception of a control 
signal. 

25 The video module 152 is connected to the I/O port 122 of the semiconductor 
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integrated circuit device 101 to perform reproduction of a dynamic picture image through 
the transmission and reception of transferred data and the reception of a control signal. 

Referring to FIG 2, the outline of the procedure of decrypting the encrypted 
program to generate the program D128a and executing the program D128a will be 
5 described. 

FIG. 2 is a flow chart showing the procedure of decrypting the encrypted program 
in the first embodiment. 

First, in Step ST201, the CPU 103a transfers the decryption program D123a and 
the encrypted program to the internal RAM 104. 
10 When the transfer is completed, the whole process then advances to Step ST202 

where the CPU 103a sets the program decryption execute flag 112F and the RAM copy 
flag 113F. At this time, the bus port 110a disconnects the internal bus 109 and the external 
bus 102 from each other. 

After the disconnection, the whole process then advances to Step ST203 where the 
15 DMA controller 118a transfers the decryption program D123a and the encrypted program 
in the internal RAM 104 to the internal RAM 105. 

When the transfer is completed, the whole process then advances to Step ST204 
where the CPU 103a resets the RAM copy flag 113F. From the resetting of the RAM copy 
flag 113F on till the completion of Step ST206, which will be described later, the CS 
20 dispatcher 114a does not assert the chip select signal 116S. 

The whole process then advances to Step ST205 where the CPU 103a executes 
the decryption program D123a, decrypts the encrypted program by using the secret key 
stored in the secret key storing register 107 to generate the program D128a, and writes the 
generated program D128a in the internal RAM 105. 
25 The whole process then advances to Step ST206 where the CPU 103a executes 
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the program D128a. 

Finally, the whole process advances to Step ST207 where the CPU 103a resets the 
program decryption execute flag 112F. When the program decryption execute flag 112F is 
reset, the general-purpose register controller 119a resets the general-purpose registers 120a. 
5 When the program decryption execute flag 112a is reset, the bus port 110a connects the 
internal bus 109 and the external bus 102 to each other, while the CS dispatcher 114a 
outputs the chip select signal 116S as the chip select signal 115S and negates the chip 
select signal 117S. 

Since the chip select signal 116S is not asserted while the decryption program 
10 D123a is executed and the program D128a is generated, the data and program D128a 
under decryption are not stored in the internal RAM 104. Since the chip select signal 117S 
is negated while the external bus 102 and the internal bus 109 are connected to each other 
by the bus port 110a, the data and program D128a under decryption is prevented from 
being monitored from the outside. 
15 Thus, according to the first embodiment, it is no more necessary to provide the 

semiconductor integrated circuit device with an internal nonvolatile memory for keeping 
the decryption program so that a cost reduction is achieved. Moreover, the encrypted 
program can be decrypted and executed, while the program and data under decryption are 
not monitored from the outside. This reduces the probability that the encrypted program is 
20 hacked. 

EMBODIMENT 2 

FIG. 3 is a block diagram showing a structure of a semiconductor integrated 
circuit device 301 according to a second embodiment of the present invention. 

A semiconductor integrated circuit 301 shown in FIG. 3 is different from the 
25 semiconductor integrated circuit device 101 shown in FIG. 1 in that it further comprises a 

20 
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memory port 302 (corresponding to a first memory port) and a memory port 303 
(corresponding to a second memory port). The semiconductor integrated circuit device 301 
is also different from the semiconductor integrated circuit device 101 in that a security 
controller 111b has only a flag storing portion 113b for storing the program decryption 
5 execute flag 112F. As for the other components, they operate similarly to the components 
shown in FIG 1 so that the description thereof will not be repeated. 

The memory port 302 halts writing to the internal RAM 104 under the control of 
the security controller when the program decryption execute flag 112F is set. In other 
words, data cannot be written in the internal RAM 104 during the decryption of the 
10 program and during the execution of the decrypted program. 

The memory port 303 halts access to the internal RAM 105 under the control of 
the security controller 111b when the program decryption execute flag 112F is reset. In 
other words, the internal RAM 105 cannot be accessed during the internal bus 109 and the 
external bus 102 are connected to each other by a bus port 110b. Accordingly, the 
15 decrypted program and data during the execution of a decryption process, which are 
written in the internal RAM 105, are not monitored from the outside. 

A description will be given next to the procedure of decrypting the encrypted 
program to generate the program D128a and executing the program D128a. 

FIG. 4 is a flow chart showing the procedure of decrypting the encrypted program 
20 in the second embodiment. 

First, in Step ST201, a CPU 103b transfers the decryption program D123a and the 
encrypted program to the internal RAM 104. 

When the transfer is completed, the whole process then advances to ST402 where 
the CPU 103b sets the program decryption execute flag 112F. At this time, the bus port 
25 110b disconnects the internal bus 109 and the external bus 102 from each other. The 
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memory port 302 halts writing to the internal RAM 104, while the memory port 303 
enables access to the internal RAM 105. 

Then, the whole process advances to Step ST205 where the CPU 103b executes 
the decryption program D123a, thereby decrypts the encrypted program by using the secret 
5 key stored in the secrete key storing register 107 to generate the program D128a, and 
writes the generated program D128a in the internal RAM 105. 

Then, the whole process advances to Step ST206 where the CPU 103b executes 
the program D128a. 

Finally, when the execution of the program D128a is completed, the whole 

10 process advances to Step ST207 where the program decryption execute flag 112F is reset. 
When the program decryption execute flag 112F is reset, the general-purpose register 
controller 119b resets the general-purpose registers 120b under the control of the security 
controller 111b. When the program decryption execute flag 112F is reset, the bus port 110b 
connects the internal bus 109 and the external bus 102 to each other, while the memory 

15 port 302 enables writing to the internal RAM 104 and the memory port 303 halts access to 
the internal RAM 105. 

In the semiconductor integrated circuit device 301, the memory port 302 executes 
the decryption program D123a and halts writing to the internal RAM 104 while the 
program D128a is generated so that the data and program D128a under decryption are not 

20 stored in the internal RAM 104. In addition, the memory port 303 halts access to the 
internal RAM 105 while the external bus 102 and the internal bus 109 are connected to 
each other by the bus port 110b so that the data and program D128a under decryption are 
not outputted to the outside. 

Thus, according to the second embodiment, it is no more necessary to provide the 

25 semiconductor integrated circuit device with an internal nonvolatile memory for keeping 
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the decryption program so that a cost reduction is achieved. Moreover, the encrypted 
program can be decrypted and executed, while the program and data under decryption are 
not monitored from the outside. This reduces the probability that the encrypted program is 
hacked. 
5 EMBODIMENT 3 

FIG. 5 is a block diagram showing a structure of a semiconductor integrated 
circuit device 501 according to a third embodiment of the present invention. 

A semiconductor integrated circuit device 501 shown in FIG. 5 is different from 
the semiconductor integrated circuit device 101 shown in FIG. 1 in that it further comprises 
10 a memory port 402. The semiconductor integrated circuit device 501 is also different from 
the semiconductor integrated circuit device 101 shown in FIG. 1 in that a security 
controller 111c has a flag storing portion 113c for storing the program decryption execute 
flag 112F and a RAM initializer 502 (corresponding to a memory initializer). As for the 
other components, they operate similarly to the components shown in FIG. 1 so that the 
1 5 description thereof will not be repeated. 

Immediately before the program decryption execute flag 112F is reset, the RAM 
initializer 502 writes "1" in each of the regions of the internal RAM 105 to erase data, 
thereby preventing the decrypted program and the data under decryption, which are written 
in the internal RAM 105, from being monitored from the outside. 
20 A description will be given next to the procedure of decrypting the encrypted 

program to generate the program D128a and executing the program D128a. 

FIG. 6 is a flow chart showing the procedure of decrypting the encrypted program 
in the third embodiment. 

First, in Step ST201, a CPU 103c transfers the decryption program D123a and the 
25 encrypted program to the internal RAM 104. 

23 
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When the transfer is completed, the whole process then advances to ST402 where 
the CPU 103c sets the program decryption execute flag 112F. At this time, a bus port 110c 
disconnects the internal bus 109 and the external bus 102 from each other, while the 
memory port 402 halts writing to the internal RAM 104 under the control of the security 
5 controller 111c. 

Then, the whole process advances to Step ST205 where the CPU 103c executes 
the decryption program D123a, thereby decrypts the encrypted program by using the secret 
key stored in the secrete key storing register 107 to generate the program D128a, and 
writes the generated program D128a in the internal RAM 105. 
10 When the generated program D128a is written in the internal RAM 105, the 

whole process then advances to Step ST206 where the CPU 103c executes the program 
D128a. 

The whole process then advances to Step ST607 where the RAM initializer 502 
writes "1" in each of the regions of the internal RAM 105 to erase data. 

15 Finally, when the data in the internal RAM 105 is erased, the whole process 

advances to Step ST207 where the program decryption execute flag 112F is reset. When 
the program decryption execute flag 112F is reset, the general-purpose register controller 
119c resets the general-purpose registers 120c under the control of the security controller 
111b. When the program decryption execute flag 112F is reset, the bus port 110c connects 

20 the internal bus 109 and the external bus 102 to each other, while the memory port 402 
enables writing to the internal RAM 104 under the control of the security controller 111c. 

In the semiconductor integrated circuit device 501, the memory port 402 executes 
the decryption program D123a and halts writing to the internal RAM 104 whi le the 
program D128a is generated so that the data and program D128a under decryption are not 

25 stored in the internal RAM 104. In addition, the RAM initializer 502 has completely erased 
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data in the internal RAM 105 immediately before the bus port 110c brings the external bus 
102 and the internal bus 109 in the disconnected state into the connected state so that the 
data and program D128a under decryption are not outputted to the outside. 

Thus, according to the third embodiment, it is no more necessary to provide the 
5 semiconductor integrated circuit device with an internal nonvolatile memory for keeping 
the decryption program so that a cost reduction is achieved. Moreover, the encrypted 
program can be decrypted and executed, while the program and data under decryption are 
not monitored from the outside. This reduces the probability that the encrypted program is 
hacked. 

10 EMBODIMENT 4 

FIG 7 is a block diagram showing a structure of a semiconductor integrated 
circuit device 701 according to a fourth embodiment of the present invention. 

A semiconductor integrated circuit device 701 shown in FIG. 7 is different from 
the semiconductor integrated circuit device 101 shown in FIG 1 in that it further comprises 

15 a decryption key access port 703 and a decryption key storing register 702. A PC 128d is 
different from the PC 128a shown in FIG. 1 in that it keeps a decryption key encryption 
program D728c, an encryption key D728d, and a decryption key D728e in addition to the 
program D728a and the encryption program D728b. A flag storing portion 113d is different 
from the flag storing portion 113a shown in FIG 1 in that it keeps a decryption key 

20 decryption flag 704F in addition to the program decryption execute flag 112F and the 
RAM copy flag 113F. A flash memory 123d is different from the flash memory 123a in 
that it keeps a decryption key decryption program D723b in addition to the decryption 
program 723a. As for the other components, they operate similarly to the components 
shown in FIG 1 so that a description will be given with particular emphasis on different 

25 portions between FIGS. 7 and 1. 
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A CPU 103d operates in accordance with a program stored in the internal RAM 
104 or 105 or in the flash memory 123d. Besides operating a normal program, the CPU 
103d executes the decryption of the encrypted decryption key and the decryption of the 
encrypted program as well as the decrypted program. The CPU 103d also transfers the 
5 encrypted decryption key inputted from the outside, the encrypted program, the decryption 
key encryption program D723b, and the decryption program D723a to the internal RAM 
104. 

The internal RAM 104 is a memory used during a normal operation, i.e., when 
none of the decryption program D723a, the decryption key decryption program D723b, 
10 and the decrypted program is executed. A description will be given to the case where the 
encrypted decryption key is decrypted and stored in the decryption key storing register 702. 
First, in the state in which the external bus 102 and the internal bus 109 are connected to 
each other by the bus port HOd, the CPU 103d transfers the encrypted decryption key and 
the decryption key decryption program D723b in the flash memory 123d to the internal 
15 RAM 104 via the external bus 102 and the internal bus 109. Then, after the bus port HOd 
disconnects the external bus 102 and the internal bus 109 from each other, a DMA 
controller 118d transfers the encrypted decryption key and the decryption key decryption 
program D723b from the internal RAM 104 to the internal RAM 105. Thereafter, a 
security controller Hid disables access from the internal bus 109 to the internal RAM 104 
20 until the decryption key decryption program D723b is completed. 

Subsequently, a description will be given to the case where the encrypted program 
is decrypted and executed. First, the CPU 103d transfers the encrypted program and the 
' decryption program D723a to the internal RAM 104 in the state in which the external bus 
102 and the internal bus 109 are connected to each other by the bus port HOd. After the 
25 bus port HOd then disconnects the external bus 102 and the internal bus 109 from each 

26 
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other, the DMA controller 118d transfers the encrypted program and the decryption 
program D723a from the internal RAM 104 to the internal RAM 105. Thereafter, the 
security controller llld disables access from the internal bus 109 to the internal RAM 104 
until the execution of the decrypted program is completed. 
5 The internal RAM 105 is used during the execution of the decryption key 

decryption program D723b, the decryption program D723a, and the decrypted program 
D728b. A description will be given to the case where the encrypted decryption key is 
decrypted and stored in the decryption key storing register 702. After the bus port llOd 
disconnects the external bus 102 and the internal bus 109 from each other, the DMA 

10 controller 118d transfers the encrypted decryption key and the decryption key decryption 
program D723b from the internal RAM 104 to the internal RAM 105. During the 
decryption of the encrypted decryption key, the CPU 103d decrypts the encrypted 
decryption key by using the internal RAM 105. A description will be given to the case 
where the encrypted program is decrypted and executed. After the bus port llOd 

15 disconnects the external bus 102 and the internal bus 109 from each other, the encrypted 
program and the decryption program D723a are transferred from the internal RAM 104 to 
the internal RAM 105. During the decryption of the encrypted program and during the 
execution of the decrypted program, the CPU 103d decrypts the encrypted program and 
executes the decrypted program by using the internal RAM 105. While the external bus 

20 102 and the internal bus 109 are connected to each other by the bus port llOd, access from 
the internal bus 109 to the internal RAM 105 is disabled. Accordingly, the decrypted 
decryption key D728e, the decrypted program D728a, and data during the execution of 
these decryption processes, each temporarily stored in the internal RAM 105, are not 
monitored from the outside. 

25 The public key storing register 106 is a register storing a public key, which is used 
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only for reading. The public key is transferred to the personal computer 128e disposed 
outside the semiconductor integrated circuit device 701 and used in conjunction with the 
decryption key encryption program D728c to encrypt the decryption key D728e. The 
encrypted decryption key is decrypted by using the decryption key decryption program 
5 D723b and the secret key stored in the secret key storing register 107. 

The secret key storing register 107 is a register storing a secret key, which is used 
only for reading. The secret key is used when the encrypted decryption key is decrypted by 
using the secret key. 

The decryption key storing register 702 is a register for storing the decryption key 
10 D728e such that it is written therein and read therefrom. The decryption key D728e is used 
in conjunction with the decryption key decryption program D723b to decrypt the encrypted 
program. 

The secret key access port 108d enables the CPU 103d to read the secret key from 
the secret key storing register 107 only while the decryption key decryption flag 704F is 

15 set and the RAM copy flag 113F is reset. Specifically, the CPU 103d enables the reading 
of the secret key from the secret key storing register 107 only while the decryption key 
decryption program D723b is initiated, the transfer of the encrypted decryption key and the 
decryption key decryption program D723b from the internal RAM 104 to the internal 
RAM 105 is completed, the RAM copy flag 113F is reset, and the encrypted decryption 

20 key is decrypted thereafter. At any time other than the above, the reading of the secret key 
is disabled. 

The decryption key access port 703 enables the writing of the decryption key 
D728e while the decryption key decryption flag 704F is set and the RAM copy flag 113 is 
reset. The decryption key access port 703 enables the reading of the decryption key D728e 
25 while the program decryption execute flag 112F is set and the RAM copy flag 113F is reset. 
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At any time other than the above, the writing and reading of the decryption key D728e are 
both disabled. Specifically, the writing of the decryption key D728e is enabled while the 
decryption key decryption program D723b is initiated, the transfer of the encrypted 
decryption key and the decryption key decryption program D723b from the internal RAM 
5 104 to the internal RAM 105 is completed, the RAM copy flag 113F is reset, and the 
encrypted decryption key is decrypted thereafter. On the other hand, the reading of the 
decryption key D728e is enabled while the decryption program D723a is initiated, the 
transfer of the encrypted program and the decryption program D723a from the internal 
RAM 104 to the internal RAM 105 is completed, the RAM copy flag 113F is reset, and the 

1 0 encrypted program is decrypted thereafter. 

The bus port HOd disconnects the internal bus 109 and the external bus 102 from 
each other when at least one of the decryption key decryption flag 704F, the program 
decryption execute flag 112F, and the RAM copy flag 113F is set. During the execution of 
the decryption key decryption program D723b, the decryption program D723a, and the 

15 decrypted program D728a, therefore, the internal bus 109 and the internal bus RAM 105 
are not monitored from the outside. In any case other than the above, the internal bus 109 
and the external bus 102 are connected to each other. 

The security controller Hid is internally provided with a flag storing portion for 
keeping the decryption key decryption flag 704F, with the program decryption execute flag 

20 112F, and with the RAM copy flag 113F, a CS dispatcher 114d, and the DMA controller 
118d. 

The decryption key decryption flag 704F is set by the CPU 103 when the 
decryption key decryption program D723b is initiated and reset by the CPU 103 when the 
decryption of the decryption key is completed. The decryption key decryption program 
25 D723b is initiated, the transfer of the encrypted decryption key and the decryption key 
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decryption program D723b from the internal RAM 104 to the internal RAM 105 is 
completed, and the RAM copy flag 113F is reset. Thereafter, access to the internal RAM 
104 is disabled during the decryption of the encrypted decryption key, while access to the 
internal RAM 105, to the secret key storing register 107, and to the decryption key storing 
5 register 702 is enabled. When the decryption key decryption flag 704F is reset, access to 
the internal RAM 105, to the secret key storing register 107, and to the decryption key 
storing register 702 is disabled. 

The program decryption execute flag 112F is set by the CPU 103d at the initiation 
of the decryption program D723a and reset by the CPU 103d at the completion of the 

10 execution of the decrypted program. The decryption program D723a is initiated, the 
transfer of the encrypted program and the decryption program D723a from the internal 
RAM 104 to the internal RAM 105 is completed, and the RAM copy flag 113F is reset. 
While the encrypted program is decrypted and the decrypted program is executed thereafter, 
access to the internal RAM 104 is disabled and access to the internal RAM 105 and to the 

1 5 decryption key storing register 702 is enabled. When the program decryption execute flag 
112F is reset, access to the internal RAM 105, to the secret key storing register 107, and to 
the decryption key storing register 702 is disabled. 

The RAM copy flag 113F is set by the CPU 103d at the initiation of the 
decryption key decryption program D723b or the decryption program D723a and reset by 

20 the CPU 103d at the completion of data transfer from the internal RAM 104 to the internal 
RAM 105. 

The CS dispatcher 114d asserts each of the chip select signals 116S and 117S 
when the RAM copy flag 113F is set, thereby enabling the DMA controller 118d to 
transfer the encrypted decryption key, the decryption key decryption program D723b, the 
25 encrypted program, and the decryption program D723a from the internal RAM 104 to the 
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internal RAM 105. When the decryption key decryption flag 704F or the program 
decryption execute flag 112F is set and the RAM copy flag 113F is reset, the CS dispatcher 
114d negates the chip select signal 116S and transfers the chip select signal 11 5S as the 
chip select signal 117S. This enables access to the internal RAM 105 during the decryption 
5 of the encrypted decryption key, during the decryption of the encrypted program, and 
during the execution of the decrypted program. In any case other than those mentioned 
above, the CS dispatcher 114d transfers the chip select signal 115S as the chip select signal 
116S and negates the chip select signal 117S, thereby disabling access to the internal RAM 
105 during a normal operation, i.e., when none of the decryption key decryption program 

10 D723b, the decryption program D723a, and the decrypted program D728a is executed. 

When the RAM copy flag 113F is set, the DMA controller 118d transfers the 
encrypted decryption key, the decryption key decryption program D723b, the encrypted 
program, and the decryption program D723a from the internal RAM 104 to the internal 
RAM 105. When the transfer is completed, the DMA controller 118d resets the RAM copy 

15 flagll3F. 

The general-purpose register controller 119d resets the general-purpose registers 
120d when the decryption key decryption flag 704F or the program decryption execute 
flag 112F is reset. During the decryption of the encrypted program, therefore, data 
generated in the general-purpose registers 120d during the execution of the decrypted 
20 program is not monitored from the outside. 

The decryption key decryption program D723b is kept in the flash memory 123d. 
When the decryption key encrypted by using the decryption key encryption program 
D728c and the secret key is decrypted, the decryption key decryption program D723b is 
transferred to the internal RAM 105 via the internal RAM 104 in the semiconductor 
25 integrated circuit device 701 to decrypt the encrypted decryption key in conjunction with 
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the secret key stored in the secret key storing register 107. 

The decryption program D723a is kept in the flash memory 123d. When the 
program encrypted by using the encryption program D728b and the encryption key D728d 
is decrypted, the decryption program D723a is transferred to the internal RAM 105 via the 
5 internal RAM 104 in the semiconductor integrated circuit device 701 to decrypt the 
encrypted program in conjunction with the decryption key stored in the decryption key 
storing register 702. 

The program D728a is encrypted by using the encryption program D728b and the 
encryption key D728d and transferred to the semiconductor integrated circuit device 701 
10 via the network 127, the personal computer 126, the USB cable 125, the USB upstream 
port 124, and the external bus 102. In the semiconductor integrated circuit device 701, the 
program D728a is decrypted by using the decryption program D723a and the decryption 
key D728e stored in the decryption key storing register 107. 

The encryption program D728b is for encrypting the program D728a by using the 
1 5 encryption key D728d. 

The decryption key encryption program D728c is for encrypting the decryption 
key D728e in conjunction with the public key stored in the public key storing register 106. 

The encryption key D728d is for encrypting the program D728a in conjunction 
with the encryption program D728b. 
20 The decryption key D728e is for decrypting the encrypted program by using the 

encryption key D728d in conjunction with the decryption program D723a. 

Information equipment 740 has the semiconductor integrated circuit device 701, 
the peripheral equipment 150, the flash memory 123d, and the USB upstream port 124. 

A description will be given next to the procedure of decrypting the encrypted 
25 decryption key and storing the decryption key D728e in the decryption key storing register 
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702. 

FIG 8 is a flow chart showing the procedure of decrypting the encrypted 
decryption key in the fourth embodiment. 

First, in Step ST801, the CPU 103d transfers the decryption key decryption 
5 program D723b and the encrypted decryption key to the internal RAM 104. 

When the transfer is completed, the whole process then advances to Step ST802 
where the CPU 103d sets the decryption key decryption flag 704F and the RAM copy flag 
113F. At this time, the bus port HOd disconnects the internal bus 109 and the external bus 
102 from each other. 

10 After the disconnection, the whole process then advances to Step ST803 where the 

DMA controller 118d transfers the decryption key decryption program D723b and the 
encrypted decryption key in the internal RAM 104 to the internal RAM 105. 

When the transfer is completed, the whole process then advances to Step ST804 
where the CPU 103d resets the RAM copy flag 113F. From the resetting of the RAM copy 
15 flag 113F on till the completion of Step ST805, which will be described later, the CS 
dispatcher 114d does not assert the chip select signal 116S. 

Next, the whole process advances to Step ST805 where the CPU 103d executes 
the decryption key decryption program D723b by using the secret key stored in the secret 
key storing register 107 to decrypt the encrypted decryption key, thereby generates the 
20 decryption key D728e, and stores it in the decryption key storing register 702. 

Finally, the whole process advances to Step ST806 where the decryption key 
decryption flag 704F is reset. When the decryption key decryption flag 704F is reset, the 
general-purpose register controller 119d resets the general-purpose registers 120d. When 
the decryption key decryption flag 704F is reset, the bus port HOd connects the internal 
25 bus 109 and the external bus 102 to each other. The CS dispatcher 114d transfers the chip 
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select signal 115S as the chip select signal 116S and negates the chip select signal 117S. 

FIG. 9 shows the respective states of the decryption key decryption flag 704F, the 
program decryption execute flag 112F, the bus port HOd corresponding to the state of the 
RAM copy flag 113F, the secret key access port 108d, the decryption key access port 703, 
5 and the chip select signals 116S and 117S. 

In FIG 9, "Open" represents the case where the bus port HOd, the secret key 
access port 108d, and the decryption key access port 703 enable data transfer and "Close" 
represents the case where data transfer is not enabled, while CS115 represents the case 
where the chip select signal 115S is transferred as the chip select signals 116S and 117S. 

10 As shown in FIG 9, when the external bus 102 and the internal bus 109 are 

connected to each other by the bus port HOd, the secret key storing register 107 and the 
decryption key decryption register 702 cannot be accessed. On the other hand, the chip 
select signal 116S is not asserted when the decryption key decryption program D723b is 
executed and the decryption key D728e is generated. Accordingly, data under decryption, 

1 5 the secret key, and the decryption key D728e are not stored in the internal RAM 104. Since 
the chip select signal 117S is negated when the external bus 102 and the internal bus 109 
are connected to each other by the bus port HOd, data under decryption, the secret key, and 
the decryption key D728e are not outputted to the outside. 

A description will be given next to the procedure of decrypting the encrypted 

20 program to generate the program D728a and executing the program D728a with reference 
to FIG. 10. 

FIG 10 is a flow chart showing the procedure of decrypting the encrypted 
program in the fourth embodiment. 

First, in Step ST 1001, the CPU 103d transfers the decryption program D723a and 
25 the encrypted program to the internal RAM 104. 
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When the transfer is completed, the whole process advances to Step ST 1002 
where the CPU 103d sets the program decryption execute flag 112F and the RAM copy 
flag 113F. At this time, the bus port llOd disconnects the internal bus 109 and the external 
bus 102 from each other. 
5 After the disconnection, the whole process advances to Step ST1003 where the 

DMA controller 118d transfers the decryption program D723a and the encrypted program 
in the internal RAM 104 to the internal RAM 105. 

When the transfer is completed, the whole process advances to Step ST 1004 
where the CPU 103d resets the RAM copy flag 113F. From the resetting of the RAM copy 
10 flag 113F on till the completion of Step ST1006, which will be described later, the CS 
dispatcher 114d does not assert the chip select signal 116S. 

Then, the whole process advances to Step ST1005 where the CPU 103d executes 
the decryption program D723a by using the decryption key D728e, thereby decrypts the 
encrypted program, and generates the program D728a. The generated program D728a is 
1 5 written in the internal RAM 105. 

Then, the whole process advances to Step ST 1006 where the CPU 103d executes 
the program D728a. 

Finally, the whole process advances to Step ST1007 where the CPU 103d resets 
the program decryption execute flag 112F. When the program decryption execute flag 
20 112F is reset, the general-purpose register controller 119d resets the general-purpose 
registers 120d. When the program decryption execute flag 112F is reset, the bus port llOd 
connects the internal bus 109 and the external bus 102 to each other. The CS dispatcher 
114d transfers the chip select signal 115S as the chip select signal 116S and negates the 
chip select signal 117S. 

25 As shown in FIG 9, the chip select signal 116S is not asserted when the 
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decryption program D723a is executed and the program D728a is generated. Accordingly, 
data under decryption, the decryption key D728e, and the program D728a are not stored in 
the internal RAM 104. Since the chip select signal 117S is negated when the external bus 
102 and the internal bus 109 are connected to each other by the bus port HOd, data under 
5 decryption, the decryption key D728e, and the program D728a are not outputted to the 
outside. 

Thus, it is no more necessary to provide the semiconductor integrated circuit 

device with an internal nonvolatile memory for keeping the decryption program so that a 

cost reduction is achieved. Moreover, the encrypted program can be decrypted and 
10 executed, while the program and data under decryption are not monitored from the outside. 

This reduces the probability that the encrypted program is hacked. 

In addition, the encryption program and the encryption strength can be selected at 

the encrypted program transferor. 

- Program Delivery Method and System - 
15 FIGS. 11 to 17 are views for illustrating a program delivery system and a program 

delivery method, which will be described herein below by using the present fourth 

embodiment as an example. 

FIGS. 11 to 17 show data transmission and reception between the semiconductor 

integrated circuit device 701 (corresponding to a second device) within information 
20 equipment used by the program user and the PC 128d (corresponding to a first device) 

used by the program developer from the encryption of a program till the decryption of the 

encrypted program. 

First, as shown in FIG. 11, the semiconductor integrated circuit device 701 at the 
user transfers a public key D106 stored in the public key storing register 106 to the PC 
25 128d at the developer. 
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Next, as shown in FIG 12, the PC 128d at the developer encrypts the decryption 
key D728e by using the public key D106 and the decryption key encryption program 
D728c to generate an encrypted decryption key 1201. 

Next, as shown in FIG. 13, the PC 128d at the developer transfers the encrypted 
5 decryption key 1201 to the semiconductor integrated circuit device 701 at the user. 

Next, as shown in FIG 14, the semiconductor integrated circuit device 701 at the 
user decrypts the encrypted decryption key 1201 by using the secret key D107 stored in the 
secret key storing register 107 and the decryption key decryption program D723b and 
stores the decryption key D728e in the decryption key storing register 702. 
10 Then, as shown in FIG 15, the PC 128d at the developer encrypts the program 

D728a by using the encryption key D728d and the encryption program D728b to generate 
an encrypted program 1501. 

Next, as shown in FIG. 16, the PC 128d at the developer transfers the encrypted 
program 1501 to the semiconductor integrated circuit device 701 at the user. 
15 Finally, as shown in FIG 17, the semiconductor integrated circuit device 701 at 

the user decrypts the encrypted program 1501 by using the decryption key D728e and the 
decryption program D723a and executes the decrypted program D728a. 

Thus, the program is encrypted by using the encryption key possessed by the 
program developer and the encrypted program is delivered to the user. Since the encrypted 
20 program can be decrypted by using the decryption key possessed by the program developer, 
it becomes possible to encrypt the program with an encryption strength desired by the 
program developer and deliver the encrypted program. 

Although each of the first to fourth embodiments has described the case where the 
control of the internal RAMs 104 and 105 is effected by using the chip select signals in the 
25 semiconductor integrated circuit, it will easily be appreciated that the present invention is 
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also similarly practicable in each of the embodiments even if a write enable signal and a 
read enable signal are used. 
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WHAT IS CLAIMED IS: 

1 . A semiconductor integrated circuit device comprising: 

a first memory for inputting and outputting data between a bus and itself; 
a second memory for inputting and outputting data between the bus and itself; 
5 a secret key holder for holding a secret key; 

a bus port for controlling access from outside to the bus; 

a CPU for storing an encrypted program and a decryption program in the first 
memory via the bus port, decrypting the encrypted program by using the decryption 
program and the secret key, and executing the decrypted program; and 

10 a controller for causing, when the encrypted program and the decryption program 

are stored in the first memory, the bus port to disable access from the outside, enabling 
access to the first and second memories, and thereby transferring the encrypted program 
and the decryption program from the first memory to the second memory, 

disabling access to the first memory when the transfer is completed, and 

15 disabling access to the second memory when the decryption and the execution of 

the decrypted program are completed. 

2. The semiconductor integrated circuit device of claim 1, further comprising: 

a secret key access port for controlling access from the CPU to the secret key 
holder, wherein 

20 the secret key access port enables access to the secret key holder when the transfer 

is completed and disables access to the secrete key holder when the execution of the 
decrypted program is completed. 

3. The semiconductor integrated circuit device of claim 1, wherein the CPU 
includes a register and erases data stored in the register if the execution of the decrypted 

25 program is completed. 
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4. The semiconductor integrated circuit device of claim 1, wherein the controller 
controls access to the first and second memories by controlling chip select signals to the 
first and second memories. 

5. The semiconductor integrated circuit device of claim 1, wherein 

5 the controller includes a flag storing portion for storing first and second flags, 

enables access to the first and second memories when the first flag is set, disables access to 
the first memory when the first flag is reset and the second flag is set, and disables access 
to the second memory when each of the first and second flags is reset, 

the bus port disables access from the outside when at least one of the first and 
1 0 second flags is set, and 

the CPU sets the first and second flags when the encrypted program and the 
decryption program are inputted to the first memory, resets the first flag when the transfer 
is completed, and resets the second flag when the execution of the decrypted program is 
completed. 

15 6. A semiconductor integrated circuit device comprising: 

a first memory for inputting and outputting data between a bus and itself; 
a second memory for inputting and outputting data between the bus and itself; 
a first memory port connected between the bus and the first memory to control 
access from the bus to the first memory; 
20 a second memory port connected between the bus and the second memory to 

control access from the bus to the second memory; 

a secret key holder for holding a secret key; 

a bus port for controlling access from outside to the bus; 

a CPU having a register, the CPU writing an encrypted program and a decryption 
25 program in the first memory via the bus port, decrypting the encrypted program by using 
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the decryption program and the secret key, writing the decrypted program in the second 
memory, and executing the decrypted program; and 

a controller for causing, when the writing to the first memory is completed, the 
bus port to disable access from the outside to the bus, causing the first memory port to 
5 disable the writing to the first memory, and causing the second memory port to enable 
access to the second memory and 

causing, when the execution of the decrypted program is completed, the CPU to 
erase data stored in the register and disable access to the secrete key holder, while causing 
the second memory port to disable access to the second memory. 
10 7. A semiconductor integrated circuit device comprising: 

a first memory for inputting and outputting data between a bus and itself; 

a second memory for inputting and outputting data between the bus and itself; 

a memory port connected between the bus and the first memory to control access 
from the bus to the first memory; 
1 5 a secret key holder for holding a secret key; 

a bus port for controlling access from outside to the bus; 

a CPU having a register, the CPU writing an encrypted program and a decryption 
program in the first memory via the bus port, decrypting the encrypted program by using 
the decryption program and the secret key, writing the decrypted program in the second 
20 memory, and executing the decrypted program; and 

a controller including a memory initializer for erasing data in the second memory, 
the controller causing, when the wiring to the first memory is completed, the bus port to 
disable access from the outside to the bus and causing the memory port to disable the 
writing to the first memory and 
25 causing, when the execution of the decrypted program is completed, the CPU to 
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erase data stored in the register and disable access to the secret key holder and causing the 
memory initializer to erase the data in the second memory. 

8. A semiconductor integrated circuit device comprising: 

a first memory for inputting and outputting data between a bus and itself; 
5 a second memory for inputting and outputting data between the bus and itself; 

a secret key holder for holding a secret key; 

a decryption key holder for holding a decryption key; 

a bus port for controlling access from outside to the bus; 

a CPU including a register, the CPU performing first storage for storing the 
10 encrypted decryption key and a decryption key decryption program in the first memory via 
the bus port, performing first decryption for decrypting the encrypted decryption key by 
using the decryption key decryption program and the secret key, writing the decrypted 
decryption key in the decryption key holder, performing second storage for storing an 
encrypted program and a decryption program in the first memory, performing decryption 
1 5 for decrypting the encrypted program by using the decryption program and the decrypted 
decryption key, and executing the decrypted program; and 

a controller for causing, when the first storage to the first memory is completed, 
the bus port to disable access from the outside to the bus and enabling access to the first 
and second memories such that the encrypted decryption key and the decryption key 
20 decryption program are transferred from the first memory to the second memory, 

enabling, when the transfer is completed, access to the secret key holder and 
disabling access to the first memory; 

causing, when the first decryption is completed, the CPU to erase data stored in 
register and disable access to the secret key holder, while disabling access to the second 
25 memory, enabling access to the first memory, and causing the bus port to enable access 
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from the outside to the bus, 

causing, when the second storage to the first memory is completed, the bus port to 

) 

disable access from the outside to the bus and enabling access to the second memory such 
that the encrypted program and the decryption program are transferred from the first 
5 memory to the second memory, 

enabling, when the transfer is completed, access to the decryption key holder and 
disabling access to the first memory, and 

causing, when the second decryption and the execution of the decrypted program 
are completed, the CPU to erase data stored in the register and disable access to the secret 
1 0 key holder and disabling access to the second memory. 

9. A program delivery method for delivering a program between a first device and 
a second device, the method comprising the steps of: 

transferring a public key from the second device to the first device; 

transferring a decryption program to the second device from the outside thereof; 
15 encrypting the program by using the public key in the first device and transferring 

the encrypted program to the second device; and 

decrypting the encrypted program by using a secret key corresponding to the 
public key and the decryption program in the second device. 

10. A program delivery method for delivering a program between a first device 
20 and a second device, the method comprising the steps of: 

transferring a public key from the second device to the first device; 
encrypting a decryption key by using the public key in the first device and 
transferring the encrypted decryption key to the second device; 

decrypting the encrypted decryption key by using a secret key corresponding to 
25 the public key in the second device; 
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encrypting the program by using an encryption key corresponding to the 
decryption key in the first device and transferring the encrypted program to the second 
device; and 

decrypting the encrypted program by using the decrypted decryption key in the 
5 second device. 

1 1 . A program delivery system for delivering a program, the system comprising: 
a first device and a second device, 

the first device encrypting the program by using a public key and transferring the 
encrypted program to the second device and 
10 the second device decrypting the program encrypted by the first device by using a 

secret key corresponding to the public key and a decryption program transferred from the 
outside of the second device. 

12. A program delivery system for delivering a program, the system comprising: 
a first device and a second device, 

15 the first device encrypting a decryption key by using a public key, transferring the 

encrypted decryption key to the second device, encrypting the program by using an 
encryption key corresponding to the decryption key, and transferring the encrypted 
program to the second device, 

the second device decrypting the decryption key encrypted by the first device by 

20 using a secret key corresponding to the public key and decrypting the program encrypted 
by the first device by using the decrypted decryption key. 
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ABSTRACT OF THE DISCLOSURE 

When an encrypted program and a decryption program are inputted to a first 
memory, a semiconductor integrated circuit device causes a bus port to disable access from 
the outside and enables access to the first memory and to a second memory, thereby 
5 transferring the encrypted program and the decryption program from the first memory to 
the second memory. When the transfer is completed, the semiconductor integrated circuit 
device disables access to the first memory and gives, to a CPU, an instruction to decrypt 
the encrypted program by using a secret key held in a secret key holder and the decryption 
program and execute the decrypted program. After the execution of the decrypted program 
10 is completed, the semiconductor integrated circuit device disables access to the second 
memory. 
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